mirrors
/
ntfy
espejo de https://github.com/binwiederhier/ntfy


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
							package cmd

import (
	"errors"
	"fmt"
	"github.com/urfave/cli/v2"
	"heckel.io/ntfy/auth"
	"heckel.io/ntfy/util"
)

var flagsAllow = append(
	userCommandFlags(),
	&cli.BoolFlag{Name: "reset", Aliases: []string{"r"}, Usage: "reset access for user (and topic)"},
)

var cmdAllow = &cli.Command{
	Name:      "allow",
	Usage:     "Grant a user access to a topic",
	UsageText: "ntfy allow USERNAME TOPIC [read-write|read-only|write-only]",
	Flags:     flagsAllow,
	Before:    initConfigFileInputSource("config", flagsAllow),
	Action:    execUserAllow,
	Category:  categoryServer,
}

func execUserAllow(c *cli.Context) error {
	username := c.Args().Get(0)
	topic := c.Args().Get(1)
	perms := c.Args().Get(2)
	reset := c.Bool("reset")
	if username == "" {
		return errors.New("username expected, type 'ntfy allow --help' for help")
	} else if !reset && topic == "" {
		return errors.New("topic expected, type 'ntfy allow --help' for help")
	} else if !util.InStringList([]string{"", "read-write", "read-only", "read", "ro", "write-only", "write", "wo", "none"}, perms) {
		return errors.New("permission must be one of: read-write, read-only, write-only, or none (or the aliases: read, ro, write, wo)")
	}
	if username == "everyone" {
		username = ""
	}
	read := util.InStringList([]string{"", "read-write", "read-only", "read", "ro"}, perms)
	write := util.InStringList([]string{"", "read-write", "write-only", "write", "wo"}, perms)
	manager, err := createAuthManager(c)
	if err != nil {
		return err
	}
	if reset {
		return doAccessReset(c, manager, username, topic)
	}
	return doAccessAllow(c, manager, username, topic, read, write)
}

func doAccessAllow(c *cli.Context, manager auth.Manager, username string, topic string, read bool, write bool) error {
	if err := manager.AllowAccess(username, topic, read, write); err != nil {
		return err
	}
	if username == "" {
		if read && write {
			fmt.Fprintf(c.App.ErrWriter, "Anonymous users granted full access to topic %s\n", topic)
		} else if read {
			fmt.Fprintf(c.App.ErrWriter, "Anonymous users granted read-only access to topic %s\n", topic)
		} else if write {
			fmt.Fprintf(c.App.ErrWriter, "Anonymous users granted write-only access to topic %s\n", topic)
		} else {
			fmt.Fprintf(c.App.ErrWriter, "Revoked all access to topic %s for all anonymous users\n", topic)
		}
	} else {
		if read && write {
			fmt.Fprintf(c.App.ErrWriter, "User %s now has read-write access to topic %s\n", username, topic)
		} else if read {
			fmt.Fprintf(c.App.ErrWriter, "User %s now has read-only access to topic %s\n", username, topic)
		} else if write {
			fmt.Fprintf(c.App.ErrWriter, "User %s now has write-only access to topic %s\n", username, topic)
		} else {
			fmt.Fprintf(c.App.ErrWriter, "Revoked all access to topic %s for user %s\n", topic, username)
		}
	}
	return nil
}

func doAccessReset(c *cli.Context, manager auth.Manager, username, topic string) error {
	if err := manager.ResetAccess(username, topic); err != nil {
		return err
	}
	if username == "" {
		if topic == "" {
			fmt.Fprintln(c.App.ErrWriter, "Reset access for all anonymous users and all topics")
		} else {
			fmt.Fprintf(c.App.ErrWriter, "Reset access to topic %s for all anonymous users\n", topic)
		}
	} else {
		if topic == "" {
			fmt.Fprintf(c.App.ErrWriter, "Reset access for user %s to all topics\n", username)
		} else {
			fmt.Fprintf(c.App.ErrWriter, "Reset access for user %s and topic %s\n", username, topic)
		}
	}
	return nil
}